============================= WARNING: suspicious RCU usage 4.14.154 #0 Not tainted ----------------------------- include/linux/radix-tree.h:238 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.0/7417: #0: (&sb->s_type->i_mutex_key#12){+.+.}, at: [] inode_lock include/linux/fs.h:718 [inline] #0: (&sb->s_type->i_mutex_key#12){+.+.}, at: [] shmem_add_seals+0x15e/0x1060 mm/shmem.c:2810 #1: (&(&mapping->tree_lock)->rlock){-...}, at: [] spin_lock_irq include/linux/spinlock.h:342 [inline] #1: (&(&mapping->tree_lock)->rlock){-...}, at: [] shmem_tag_pins mm/shmem.c:2665 [inline] #1: (&(&mapping->tree_lock)->rlock){-...}, at: [] shmem_wait_for_pins mm/shmem.c:2706 [inline] #1: (&(&mapping->tree_lock)->rlock){-...}, at: [] shmem_add_seals+0x334/0x1060 mm/shmem.c:2822 stack backtrace: CPU: 1 PID: 7417 Comm: syz-executor.0 Not tainted 4.14.154 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x142/0x197 lib/dump_stack.c:58 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4665 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] radix_tree_deref_slot include/linux/radix-tree.h:236 [inline] shmem_tag_pins mm/shmem.c:2667 [inline] shmem_wait_for_pins mm/shmem.c:2706 [inline] shmem_add_seals+0x9e0/0x1060 mm/shmem.c:2822 shmem_fcntl+0xf7/0x130 mm/shmem.c:2857 do_fcntl+0x190/0xe10 fs/fcntl.c:421 SYSC_fcntl fs/fcntl.c:463 [inline] SyS_fcntl+0xd5/0x110 fs/fcntl.c:448 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45a639 RSP: 002b:00007f7beac96c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639 RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7beac976d4 R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff skbuff: bad partial csum: csum=51262/40961 len=26689 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered forwarding state IPVS: ftp: loaded support on port[0] = 21 device nr0 entered promiscuous mode audit: type=1400 audit(1574169442.477:46): avc: denied { create } for pid=7713 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. The task syz-executor.0 (7719) triggered the difference, watch for misbehavior. audit: type=1400 audit(1574169443.157:47): avc: denied { syslog } for pid=7746 comm="syz-executor.4" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 QAT: Invalid ioctl bond0: Error: Device is in use and cannot be enslaved audit: type=1400 audit(1574169443.237:48): avc: denied { ioctl } for pid=7713 comm="syz-executor.0" path="socket:[29768]" dev="sockfs" ino=29768 ioctlcmd=0x8990 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. QAT: Invalid ioctl device nr0 entered promiscuous mode overlayfs: failed to verify origin (33/bus, ino=16623, err=-1) overlayfs: failed to verify upper root origin overlayfs: failed to verify origin (33/bus, ino=16623, err=-1) overlayfs: failed to verify upper root origin selinux_nlmsg_perm: 4342 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=7840 comm=syz-executor.5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=7840 comm=syz-executor.5 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 ntfs: (device loop3): parse_options(): NLS character set none not found.